Brexit vote site may have been hacked, MPs say in report

A voter registration site that crashed in the run-up to last year’s EU referendum could have been targeted by a foreign cyber attack, MPs say.

The ‘register to vote’ site crashed on 7 June last year just before the deadline for people to sign up to vote.

The UK government and electoral administrators blamed a surge in demand after a TV debate.

But MPs on the parliamentary Public Administration Committee say a foreign cyber attack could not be ruled out.

The suggestion came in their report at the end of their inquiry into Lessons learned from the EU Referendum.

The report, and published evidence with the report, does not appear to quote anyone saying that the voter registration site had been targeted.

And the Cabinet Office, who commissioned its own report into the website crash, said: ‘We have been very clear about the cause of the website outage in June 2016. It was due to a spike in users just before the registration deadline.

‘There is no evidence to suggest malign intervention. We conducted a full review into the outage and have applied the lessons learned. We will ensure these are applied for all future polls and online services.’

The website crashed at about 10.15pm on 7 June, 2016,, shortly after a televised debate and amid social media campaigns to get people to register to vote ahead of the midnight deadline. Official figures suggest 525.000 people applied to register to vote that day.

The Public Administration Committee’s chairman, Leave-supporting Conservative MP Bernard Jenkin, told BBC News there was no ‘hard and fast’ evidence the registration site had been targeted.

But he said the committee’s report had included the possibility that the crash ‘may have been caused by a DDoS (distributed denial of service attack) using botnets’ in its report ‘on advice’.

He declined to elaborate further.

At the time of the website crash the then Prime Minister David Cameron extended the deadline by 48 hours for registering to vote in the referendum - 430,000 people applied to register to vote during that extension period.

According to evidence submitted to the committee from the Association of Electoral Administrators the electoral registration system ‘could not cope with the demand... and any contingency measures were wholly inadequate’.

It says: ‘This concern had been raised on a number of occasions... reassurances had been given that what actually occurred could never happen.’

In its report the committee has also criticised Mr Cameron’s ‘questionable’ motives for calling a referendum in the first place, saying it had been done to ‘call the bluff’ of his critics and shut down ‘unwelcome’ debate.

It urged future governments to think carefully before promising nationwide votes on controversial issues, particularly if they are not prepared to implement an outcome they do not like.

‘There was no proper planning for a Leave vote so the EU referendum opened up much new controversy and left the prime minister’s credibility destroyed,’ the report says.

It said that civil servants should be required to prepare for both possible outcomes in future referendums - such as a second vote on Scottish independence - something they had been prevented from doing in the run-up to the Brexit vote.

The committee called on the government to set up a new Cyber Security Centre to monitor and contain potential attacks on UK elections and referendums - particularly foreign attempts to influence public opinion and disrupt the democratic process.

‘The US and UK understanding of ‘cyber’ is predominantly technical and computer-network based,’ said the report.

‘For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals.

‘The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear,’ the report added.